Embodiments of the present invention relate generally to methods and systems for performing a static analysis on software source code and more particularly to performing static analysis of query expressions embedded in programming language source code.
Applications that utilize a database are often developed with database commands, queries, and/or objects embedded in the source code of those applications. For example, Procedural Language/Structured Query Language (PL/SQL) is a programming language often embedded in applications that utilize databases. As a database implementation grows, the amount of business logic coded in it becomes quite significant. Additionally, for large applications such as enterprise applications, use of the database, and of the embedded SQL code through which it is accessed, can be extensive and voluminous. A need exists to improve the quality of the code used in such PL/SQL program units. However, current approaches to verifying or analyzing source code do not provide a way to also analyze the embedded database commands or queries. As a result, the quality of PL/SQL or other embedded SQL code often goes unverified, and potentially vulnerable code is not located. The cost of bugs or vulnerabilities increases exponentially with the delay in finding them. Hence, there is a need for improved methods and systems for performing static analysis of query expressions embedded in programming language source code, which would analyze the PL/SQL in the source code files to find both critical and trivial bugs and thereby help the developer improve the quality of the code.
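As an added illustration, not part of this patent text, the following Python pass shows the kind of static analysis described above applied to a constructed host-language source fragment: it picks out string literals that carry SQL or PL/SQL, reports a critical finding where the query text is assembled at runtime by concatenation (host-language `+`, or PL/SQL `||` feeding EXECUTE IMMEDIATE), and a trivial finding for `SELECT *`. The sample source, rule names and severity labels are assumptions.

```python
import re

# Constructed sample of a Java-like host file with embedded SQL and PL/SQL (not from the patent).
SAMPLE_SOURCE = """\
String q1 = "SELECT id, name FROM users WHERE id = ?";
String greeting = "Hello, " + userName;
String q2 = "SELECT * FROM orders WHERE owner = '" + userName + "'";
stmt.execute("BEGIN EXECUTE IMMEDIATE 'DELETE FROM audit WHERE day < ' || v_cutoff; END;");
String q3 = "UPDATE accounts SET balance = :bal WHERE acct = :acct";
"""

# A string literal is treated as embedded SQL when it opens with a statement keyword or a PL/SQL block.
SQL_START = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE|MERGE|BEGIN|DECLARE|EXECUTE\s+IMMEDIATE)\b", re.I)
STRING_LIT = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Literal joined to a non-literal expression: Java '+' or PL/SQL '||' right after or before the quote.
CONCAT_AFTER = re.compile(r'"\s*(\+|\|\|)\s*[A-Za-z_:]')
CONCAT_BEFORE = re.compile(r'[A-Za-z_)]\s*(\+|\|\|)\s*"')
# Dynamic PL/SQL: EXECUTE IMMEDIATE whose statement text is built by concatenation.
DYNAMIC_PLSQL = re.compile(r"EXECUTE\s+IMMEDIATE\s+'[^']*'\s*\|\|", re.I)


def analyze_embedded_sql(source):
    """Return one finding per rule hit for each source line whose literals carry SQL.

    severity 'critical': query text assembled at runtime by concatenation
    (the pattern that makes embedded SQL injectable).
    severity 'trivial': maintainability issues such as SELECT *.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        literals = [m.group(1) for m in STRING_LIT.finditer(line)]
        if not any(SQL_START.match(lit) for lit in literals):
            continue  # line holds no embedded query; skip it
        if CONCAT_AFTER.search(line) or CONCAT_BEFORE.search(line) or DYNAMIC_PLSQL.search(line):
            findings.append({"line": lineno, "severity": "critical", "rule": "dynamic-sql-concatenation"})
        if any(re.search(r"\bSELECT\s+\*", lit, re.I) for lit in literals):
            findings.append({"line": lineno, "severity": "trivial", "rule": "select-star"})
    return findings


if __name__ == "__main__":
    for f in analyze_embedded_sql(SAMPLE_SOURCE):
        print(f"line {f['line']}: [{f['severity']}] {f['rule']}")
```

Lines that bind parameters (`?`, `:bal`) produce no finding, while both the host-language and the PL/SQL concatenation forms are reported.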